<!doctype html>
<html lang="en"><head><meta charset="utf-8"><title>ZAP Wavsep Report</title></head><body>
<h1><img src="http://zaproxy.googlecode.com/svn/trunk/src/resource/zap64x64.png" alt="" align="middle">OWASP ZAP watcher results</h1>
Generated: 2012-07-13 18:27
<h3>Total Score</h3>
<font style="BACKGROUND-COLOR: GREEN">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</font><font style="BACKGROUND-COLOR: RED">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</font>26%<br/>Pass: 11<br/>Fail: 31<br/>Total: 42<br/><h3>Detailed Results</h3>
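<!-- Reviewer note on reading this table: the Fail column is empty in every row, and XContent is
     reported on every page (XFrame on all but two), so those two alerts most likely reflect the
     test application's response headers rather than the individual checks.
     Check.Pasv.Header.ContentTypeMissing passes on XContent while Check.Pasv.Header.MimeSniff
     passes on NoContentHeader, which looks like the expected alerts for the two pages are swapped;
     confirm the mapping in the report generator before relying on either PASS. The PASS for
     Check.Pasv.Header.FrameOptions rests on XFrame, which is raised almost everywhere, so it is
     weak evidence that the check itself works. -->
<table border="1">
<tr><th>Page</th><th>Result</th><th>Pass</th><th>Fail</th><th>Other</th></tr>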
<tr><td>Check.Pasv.Asp.Net.ViewState.Mac.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Charset.Mismatch.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Charset.Utf8.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Cookie.HttpOnly.php</td><td><font style="BACKGROUND-COLOR: GREEN">&nbsp;PASS&nbsp</font></td><td>HttpOnly&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Cookie.LooselyScoped.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Cookie.Secure.php</td><td><font style="BACKGROUND-COLOR: GREEN">&nbsp;PASS&nbsp</font></td><td>InsecureCookie&nbsp;</td><td>&nbsp;</td><td>XFrame CacheControl XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.CrossDomain.FormSubmit.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame CSRF XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.CrossDomain.JavascriptReference.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.CrossDomain.ScriptReference.php</td><td><font style="BACKGROUND-COLOR: GREEN">&nbsp;PASS&nbsp</font></td><td>CrossJS&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.CrossDomain.StyleSheetInclusion.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Flash.AllowScriptAccess.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Flash.CrossDomain.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Header.CacheControl.php</td><td><font style="BACKGROUND-COLOR: GREEN">&nbsp;PASS&nbsp</font></td><td>CacheControl&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Header.ContentTypeMissing.php</td><td><font style="BACKGROUND-COLOR: GREEN">&nbsp;PASS&nbsp</font></td><td>XContent&nbsp;</td><td>&nbsp;</td><td>NoContentHeader&nbsp;</td></tr>
<tr><td>Check.Pasv.Header.FrameOptions.php</td><td><font style="BACKGROUND-COLOR: GREEN">&nbsp;PASS&nbsp</font></td><td>XFrame&nbsp;</td><td>&nbsp;</td><td>XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Header.IeXssProtection.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame IE8XSSfilter XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Header.InternalIp.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Header.MimeSniff.php</td><td><font style="BACKGROUND-COLOR: GREEN">&nbsp;PASS&nbsp</font></td><td>NoContentHeader&nbsp;</td><td>&nbsp;</td><td>XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Header.WeakAuth.php</td><td><font style="BACKGROUND-COLOR: GREEN">&nbsp;PASS&nbsp</font></td><td>WeakAuth&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.InformationDisclosure.Comments.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.InformationDisclosure.DatabaseErrors.php</td><td><font style="BACKGROUND-COLOR: GREEN">&nbsp;PASS&nbsp</font></td><td>InfoDb&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.InformationDisclosure.DebugErrors.php</td><td><font style="BACKGROUND-COLOR: GREEN">&nbsp;PASS&nbsp</font></td><td>InfoDebug&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.InformationDisclosure.InUrl.php</td><td><font style="BACKGROUND-COLOR: GREEN">&nbsp;PASS&nbsp</font></td><td>InfoUrl&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.InformationDisclosure.ReferrerLeak.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>InfoUrl XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Java.ViewState.Uncompressed.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Java.ViewState.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Javascript.DomainLowering.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Javascript.Eval.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.SSL.CertValidation.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame CacheControl XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.SSL.InsecureFormLoad.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame CSRF XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.SSL.InsecureFormPost.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame CacheControl CSRF XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.SSL.StrictTransportSecurity.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame CacheControl XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.SSL.Version.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame CacheControl XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.SharePoint.DocLib.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Silverlight.ClientAccessPolicy.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Silverlight.EnableHtmlAccess.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.Unicode.InvalidUTF8.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.UserControlled.Charset.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.UserControlled.Cookie.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.UserControlled.HtmlAttributes.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame CSRF XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.UserControlled.JavascriptEvent.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame CSRF XContent&nbsp;</td></tr>
<tr><td>Check.Pasv.UserControlled.JavascriptProperty.php</td><td><font style="BACKGROUND-COLOR: RED">&nbsp;FAIL&nbsp</font></td><td>&nbsp;</td><td>&nbsp;</td><td>XFrame XContent&nbsp;</td></tr>
</table><br/>
<h3>Alerts Key</h3>
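<!-- Reviewer note: Auto, SQLfp, SQLi and XSS are listed in this key but do not appear anywhere
     in the detailed results above. -->
<table border="1">
<tr><th>Alert</th><th>Description</th></tr>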
<tr><td>Auto</td><td>Password Autocomplete in browser</td></tr>
<tr><td>CSRF</td><td>Cross Site Request Forgery</td></tr>
<tr><td>CacheControl</td><td>Incomplete or no cache-control and pragma HTTP header set</td></tr>
<tr><td>CrossJS</td><td>Cross-domain JavaScript source file inclusion</td></tr>
<tr><td>HttpOnly</td><td>Cookie set without HttpOnly flag</td></tr>
<tr><td>IE8XSSfilter</td><td>IE8's XSS protection filter not disabled</td></tr>
<tr><td>InfoDb</td><td>Information disclosure - database error messages</td></tr>
<tr><td>InfoDebug</td><td>Information disclosure - debug error messages</td></tr>
<tr><td>InfoUrl</td><td>Information disclosure - sensitive information in URL</td></tr>
<tr><td>InsecureCookie</td><td>Cookie set without secure flag</td></tr>
<tr><td>NoContentHeader</td><td>Content-Type header missing</td></tr>
<tr><td>SQLfp</td><td>SQL Injection Fingerprinting</td></tr>
<tr><td>SQLi</td><td>SQL Injection</td></tr>
<tr><td>WeakAuth</td><td>Weak HTTP authentication over an unsecured connection</td></tr>
<tr><td>XContent</td><td>X-Content-Type-Options header missing</td></tr>
<tr><td>XFrame</td><td>X-Frame-Options header not set</td></tr>
<tr><td>XSS</td><td>Cross Site Scripting</td></tr>
</table><br/>
</body></html>
